The performance cost of shadow stacks and stack canaries

THY Dang, P Maniatis, D Wagner - … of the 10th ACM Symposium on …, 2015 - dl.acm.org
Control flow defenses against ROP either use strict, expensive, but strong protection against
redirected RET instructions with shadow stacks, or much faster but weaker protections …

Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code

R Wartell, V Mohan, KW Hamlen, Z Lin - … of the 2012 ACM conference on …, 2012 - dl.acm.org
Unlike library code, whose instruction addresses can be randomized by address space
layout randomization (ASLR), application binary code often has static instruction addresses …

TrustVisor: Efficient TCB reduction and attestation

JM McCune, Y Li, N Qu, Z Zhou, A Datta… - … IEEE Symposium on …, 2010 - ieeexplore.ieee.org
An important security challenge is to protect the execution of security-sensitive code on
legacy systems from malware that may infect the OS, applications, or system devices. Prior …

Modular control-flow integrity

B Niu, G Tan - Proceedings of the 35th ACM SIGPLAN Conference on …, 2014 - dl.acm.org
Control-Flow Integrity (CFI) is a software-hardening technique. It inlines checks into a
program so that its execution always follows a predetermined Control-Flow Graph (CFG). As …

Neural nets can learn function type signatures from binaries

ZL Chua, S Shen, P Saxena, Z Liang - 26th USENIX Security …, 2017 - usenix.org
Function type signatures are important for binary analysis, but they are not available in
COTS binaries. In this paper, we present a new system called EKLAVYA which trains a …

Per-input control-flow integrity

B Niu, G Tan - Proceedings of the 22nd ACM SIGSAC Conference on …, 2015 - dl.acm.org
Control-Flow Integrity (CFI) is an effective approach to mitigating control-flow hijacking
attacks. Conventional CFI techniques statically extract a control-flow graph (CFG) from a …

Opaque Control-Flow Integrity.

V Mohan, P Larsen, S Brunthaler… - …, 2015 - publications.sba-research.org
A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is
presented, which is the first to efficiently resist code-reuse attacks launched by informed …

Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming.

L Davi, C Liebchen, AR Sadeghi, KZ Snow… - …, 2015 - download.hrz.tu-darmstadt.de
Until recently, it was widely believed that code randomization (such as fine-grained ASLR)
can effectively mitigate code reuse attacks. However, a recent attack strategy, dubbed just-in …

Shuffler: fast and deployable continuous code re-randomization

D Williams-King, G Gobieski, K Williams-King… - … USENIX Symposium on …, 2016 - usenix.org
While code injection attacks have been virtually eliminated on modern systems, programs
today remain vulnerable to code reuse attacks. Particularly pernicious are Just-In-Time ROP …

XFI: Software guards for system address spaces

U Erlingsson, M Abadi, M Vrable, M Budiu… - Proceedings of the 7th …, 2006 - usenix.org
XFI is a comprehensive protection system that offers both flexible access control and
fundamental integrity guarantees, at any privilege level and even for legacy code in …